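Native installation of the next-terminal bastion host

Official original: https://next-terminal.typesafe.cn/docs/install/native-install.html

Tidied up so that it can be installed directly, without so much hassle.

When managing a large number of SSH or RDP hosts, centralized management is more convenient.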

# Install the required tool packages
yum install -y epel-release
yum install -y tcpdump net-tools  vim mtr git tar
yum install -y libguac-client-kubernetes libguac-client-rdp libguac-client-ssh  libguac-client-telnet libguac-client-vnc guacd fontconfig mkfontscale
# Download the latest prebuilt release
wget https://github.com/dushixiang/next-terminal/releases/latest/download/next-terminal.tar.gz -O -| tar xz -C /usr/local/;

# Update the required fonts
cd  /usr/share/fonts/
wget https://gitee.com/dushixiang/next-terminal/raw/master/guacd/fonts/{Menlo-Regular.ttf,SourceHanSansCN-Regular.otf}
wget -c https://github.com/dushixiang/next-terminal/raw/master/guacd/fonts/{Menlo-Regular.ttf,SourceHanSansCN-Regular.otf}
mkfontscale
mkfontdir
fc-cache

mkdir -p /etc/guacamole/
cat>/etc/guacamole/guacd.conf<<EOF
[daemon]
pid_file = /var/run/guacd.pid
log_level = info
[server]
# Listen address
bind_host = 127.0.0.1
bind_port = 4822
EOF
# Comment out User= and Group= in the guacd unit, so that guacd runs as root
sed -i 's/User=/#User=/g'  /usr/lib/systemd/system/guacd.service
sed -i 's/Group=/#Group=/g'  /usr/lib/systemd/system/guacd.service

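# The delimiter is quoted ('EOF') so the backticks in the comments below are written literally
cat>/usr/local/next-terminal/config.yml<<'EOF'
db: sqlite
# When db is sqlite, the mysql settings are ignored
#mysql:
#  hostname: 172.16.101.32
#  port: 3306
#  username: root
#  password: mysql
#  database: next-terminal

# When db is mysql, the sqlite settings are ignored
sqlite:
  file: 'next-terminal.db'
server:
  addr: 0.0.0.0:8088
# Setting the two parameters below automatically enables HTTPS mode (provided the certificate files exist)
#  cert: /root/next-terminal/cert.pem
#  key: /root/next-terminal/key.pem

# Key used to encrypt sensitive information such as authorization credentials and asset passwords and keys; default `next-terminal`
#encryption-key: next-terminal
guacd:
  hostname: 127.0.0.1
  port: 4822
  # This path must be absolute, and both next-terminal and guacd must be able to access it
  recording: '/usr/local/next-terminal/data/recording'
  # This path must be absolute, and both next-terminal and guacd must be able to access it
  drive: '/usr/local/next-terminal/data/drive'

sshd:
  # Whether to enable the sshd service
  enable: false
  # sshd listen address; not used when the sshd service is disabled
  addr: 0.0.0.0:8089
  # Path of the private key used by sshd; not used when the sshd service is disabled
  key: ~/.ssh/id_rsa
EOF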

cat>/etc/systemd/system/next-terminal.service<<EOF 
[Unit]
Description=next-terminal service
After=network.target

[Service]
User=root
WorkingDirectory=/usr/local/next-terminal
ExecStart=/usr/local/next-terminal/next-terminal
Restart=on-failure
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload # Reload the unit files
systemctl enable next-terminal # Start at boot
systemctl start next-terminal # Start the service
systemctl enable guacd
systemctl start guacd
systemctl status guacd
systemctl status next-terminal # Check the status
service firewalld stop  # Open the ports as your situation requires, or stop the system firewall
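
As written, the config.yml above serves the web UI on 0.0.0.0:8088, leaves cert/key commented out (plain HTTP), and leaves encryption-key commented out, so the default `next-terminal` encrypts the stored credentials. The check below is an added example, not part of the original post or of next-terminal; the function name audit_nt_config and the finding names are assumptions, and the sample input is constructed from the config above.

```sh
#!/bin/sh
# Added example, not part of next-terminal: report which of the weak defaults
# in the config.yml above are still active. Finding names are made up here.

audit_nt_config() (
  section="" has_key=0 has_cert=0 has_tlskey=0
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                      # a commented-out key counts as unset
    case "$line" in *:*) ;; *) continue ;; esac
    key="${line%%:*}"
    # Value with spaces and YAML quotes removed.
    val="$(printf '%s' "${line#*:}" | tr -d " \"'")"
    case "$key" in
      " "*) key="$(printf '%s' "$key" | tr -d ' ')" ;;  # indented: belongs to $section
      *)    section="$key"; key="" ;;                   # top-level key
    esac
    case "$section.$key" in
      encryption-key.)
        has_key=1
        [ "$val" != "next-terminal" ] || echo "default-encryption-key" ;;
      server.cert) [ -z "$val" ] || has_cert=1 ;;
      server.key)  [ -z "$val" ] || has_tlskey=1 ;;
      server.addr)
        case "$val" in 0.0.0.0:*) echo "web-ui-on-all-interfaces" ;; esac ;;
    esac
  done < "$1"
  # An unset encryption-key falls back to the default `next-terminal`.
  [ "$has_key" -eq 1 ] || echo "default-encryption-key"
  # HTTPS is only switched on when both cert and key are set.
  { [ "$has_cert" -eq 1 ] && [ "$has_tlskey" -eq 1 ]; } || echo "no-tls"
)

# Constructed sample: the lines of the config above that matter to the checks.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
db: sqlite
server:
  addr: 0.0.0.0:8088
#  cert: /root/next-terminal/cert.pem
#  key: /root/next-terminal/key.pem
#encryption-key: next-terminal
EOF
audit_nt_config "$sample"
rm -f "$sample"
```

Run it as `audit_nt_config /usr/local/next-terminal/config.yml` after installation; no output means none of the three findings applies.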

1 user comment.
  1. zvv zvv
    Comment posted: Saturday 26th/11/2022 07:48:26 PM, #1

    Swiped it.